GitLab

Right now we ship Torbutton and Tor Launcher and take care that we alone can make updates and that these updates take effect when they need to. But that might change if all extensions need to get signed beforehand by Mozilla to be accepted by the underlying browser (see: https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience/).

The easy solution would be to just disable that feature entirely in Tor Browser (either by flipping a preference or a build switch) but I think we should be smarter here and use the signing requirement for extensions not written by us but exempt our add-ons from it.

The tracking bug is: https://bugzilla.mozilla.org/show_bug.cgi?id=1047239

Marking this for ESR 45 as it won't take effect in ESR 38.